One method proposed involves using ambient noise to detect the proximity between the two devices being used for authentication, which eliminates the need for a user to type in a numerical code. However, researchers at the University of Alabama at Birmingham contend this method would leave users vulnerable to malicious mobile device attacks.

In a paper published in June, Nitesh Saxena, Ph.D., and doctoral student Prakash Shrestha propose a system called the “Listening-Watch,” a more secure, minimal interaction process using a wearable device, such as a smartwatch or activity tracker, and browser-generated random speech sounds.

“Listening-Watch offers two key security features,” said Saxena, professor in the UAB College of Arts and Sciences Department of Computer Science. “It uses random code encoded into speech to withstand remote attackers. Low-sensitivity microphones found in current wearable devices cannot capture distant sounds, which will thwart proximity attackers.”

In a real-world scenario, two-factor authentication using “Listening-Watch” would be implemented by using an application installed on the wearable device.

Push messages would prompt the device to record and decode speech sounds played by the browser. When a user attempts to log in, the browser of the primary device, such as a PC terminal, laptop, smartphone or tablet, plays back a short random code encoded into human speech, and the login succeeds if the watch’s audio recording contains the same code and is similar enough to the browser’s audio recording. The speech is decoded using voice recognition technology.